Multi-factor authentication (MFA) is based on the idea that a user possesses several unique pieces of evidence which cannot be provided or accessed by a third party. This evidence can be knowledge like a password, a biometric feature like a fingerprint or a physical object like a hardware token.
Modern MFA solutions like LinOTP and the KeyIdentity MFA platform support a wide range of tokens to accommodate different use cases, risk levels and cost considerations in B2B and B2C scenarios. Here is a short overview of the most common token types: hardware and software tokens, SMS and biometrics as well as QR and push tokens.
Hardware tokens: independent of the device running the application
Hardware tokens are available in various designs ranging from portable USB authenticators to keychain devices to flexible display panels embedded in identification cards. They all have one advantage in common: Since hardware tokens come with their own display and battery, they can operate independently of the device running the application.
A special type of hardware token is the standardized FIDO U2F supervised by the open-authentication industry consortium FIDO Alliance. Based on the Universal Second Factor standard U2F, users can “bring their own token” (BYOT). This means that tokens already owned can be reused at a consistent level of security
Continue reading The basics of multi-factor authentication: How to pick the right token
In our blog post about binary patching, we saw how to edit the client binary to modify a function to our advantage. The change was minor, i.e. a single line of assembly. If we want to modify the function to add more complex logic and thus more assembly code, we will need to use a code cave in order to avoid overwriting instructions that are essential for the game to execute properly.
The code cave technique consists of finding an area in the binary that is not used and adding our assembly instructions to it. Then, in the function we want to modify, we overwrite one instruction to jump into our code cave. Our code cave should save the registers and flags and restore them at the end, as well as re-align the stack. Finally, we should also add to our code cave the overwritten instruction (used for the jump) and jump back into the initial function.
This procedure is often used by malware developers to hide malicious code in benign applications. The problem with this solution is that it is easy to break the application, and it also requires you to write your changes in assembly.
An easier solution would be to hook the library used by the client in order to “hijack” the execution flow and run custom code. With this solution, you write a new library in C/C++ and use LD_PRELOAD (on Linux) to load your new library before all others. This post will give you an example of how to use LD_PRELOAD in order to modify the logic of the game so that you can teleport wherever you want at any time and change your movement speed and jump height on the fly.
Continue reading PwnAdventure3 – Hooking shared library
When running a video game or any application on your laptop, you execute instructions that have been written by the developers for a specific purpose. Sometimes, the instructions restrict you: e.g. an evaluation version of an application that exits after 30 minutes, or your player in your MMORPG that cannot jump high enough to access hidden high locations. The executed instructions are located on your computer, which you control. You can therefore change those instructions to bypass restrictions (e.g. cracking) but also to improve or add new functionalities. This requires you to open the binary, understand the functions (reverse engineering) and patch it.
In this post, we will not change complex logic of the binary, but simply modify one line in the instructions to improve the capabilities of our character by increasing its movement speed.
Continue reading PwnAdventure3 – Patching Binary
Players usually explore, interact with and understand the game through the classical user interfaces. With Pwn Adventure 3, the inputs are the mouse and keyboard, with which the user can move and interact with the Pwnie Island world. The output is the rendered 3D graphics and the HUD interface. However, sometimes the output is not enough for the user to fully understand exactly what he has to do in order to finish a quest. Those kinds of “secrets” are often used by developers to increase the difficulty of the game and/or to force the player to explore, try and discover new things in the game. Considering the game was released for a 2-day CTF, we don’t have much time. We want to be the first one to finish all quests. That’s where Reverse Engineering comes in handy.
Continue reading PwnAdventure3 – Reverse Engineering Binary
The proxy developed in our previous post will allow us to intercept and modify the content of the network communication between the client and the game server(s), thus allowing us to spawn at any location, forge new elements on the map and pick up any object.
Continue reading Pwn Adventure 3 – Intercepting Packets